package com.mla.fastdfs.shiro;

import com.mla.fastdfs.filter.CheckAutoFilter;
import com.mla.fastdfs.filter.LoginFilter;
import org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor;
import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.apache.shiro.web.session.mgt.DefaultWebSessionManager;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

import javax.servlet.Filter;
import java.util.LinkedHashMap;
import java.util.Map;

@Configuration
public class ShiroConfig {

    @Bean
    //此处Qualifier绑定的是getDefaultSecurityManager这个bean对象
    public ShiroFilterFactoryBean getShiroFilterFactoryBean(@Qualifier("securityManager") DefaultWebSecurityManager defaultWebSecurityManager) {
        //前两步固定套路，工厂模式创建一个shiroFilterFactoryBean,然后将下面的defaultWebSecurityManager设置进来
        ShiroFilterFactoryBean bean = new ShiroFilterFactoryBean();
        bean.setSecurityManager(defaultWebSecurityManager);
        Map<String, Filter> filters = bean.getFilters();
        filters.put("authc", loginFilter());
        filters.put("checkAuth", checkAutoFilter());


        // <!-- authc:所有url都必须认证通过才可以访问; anon:所有url都都可以匿名访问-->
        Map<String, String> filterMap = new LinkedHashMap<>();

        //注意此处的页面路劲不是网页名称，而是MVC中的方法
        filterMap.put("/fastDfsChunkUpload","anon");
        filterMap.put("/zipPartUpload","anon");
        filterMap.put("/upload","anon");
        filterMap.put("/group/list", "anon");
        filterMap.put("/user/list", "anon");
        filterMap.put("/upload-up-info/pageList", "anon");
        filterMap.put("/upload-up-info/getByIdentifier", "anon");
        filterMap.put("/part/**", "anon");
        filterMap.put("/userWorkOrder/**", "anon");
        filterMap.put("/permission/getMenu", "anon");
        filterMap.put("/role/roleInfo", "anon");
        filterMap.put("/record/**", "anon");

        filterMap.put("/user/login", "anon");
        // filterMap.put("/user/login", "anon");
        filterMap.put("/user/code", "anon");
        filterMap.put("/user/logout", "logout");
        /*filterMap.put("/**", "authc");*/
        filterMap.put("/**", "checkAuth,authc");

        bean.setFilterChainDefinitionMap(filterMap);

        //设置登录时路径
        bean.setLoginUrl("/common/notLogin");

        return bean;
    }


    //DefaultWebSecurityManager,中间商，处理用户 授权 以及 认证 的合法性，以此转交给上面的FilterFactorBean进行过滤
    @Bean(name = "securityManager")                             //此处Qualifier绑定的是userRealm这个bean对象
    public DefaultWebSecurityManager getDefaultSecurityManager(@Qualifier("userRealm") UserRealm userRealm) {
        DefaultWebSecurityManager defaultWebSecurityManager = new DefaultWebSecurityManager();

        //关联Realm
        defaultWebSecurityManager.setRealm(userRealm);
        defaultWebSecurityManager.setSessionManager(sessionManager());
        return defaultWebSecurityManager;
    }

    @Bean(name = "sessionManager")
    public DefaultWebSessionManager sessionManager() {
        DefaultWebSessionManager sessionManager = new DefaultWebSessionManager();
        // 设置session过期时间3600s
        sessionManager.setGlobalSessionTimeout(3600000L);
        return sessionManager;
    }

    //创建Realm对象,用来进行授权以及认证功能,完毕后转交给SecurityManager进行合法性验证
    @Bean
    public UserRealm userRealm() {
        return new UserRealm();
    }

    @Bean
    public CheckAutoFilter checkAutoFilter() {
        return new CheckAutoFilter();
    }

    @Bean
    public LoginFilter loginFilter() {
        return new LoginFilter();
    }

    @Bean
    public AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor(org.apache.shiro.mgt.SecurityManager securityManager) {
        AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor = new AuthorizationAttributeSourceAdvisor();
        authorizationAttributeSourceAdvisor.setSecurityManager(securityManager);
        return authorizationAttributeSourceAdvisor;
    }
}
